Security and Access Control

h3 Overview

DamageControl has no built-in access control or authentication features. Instead, you can put an authenticating front end in front of it, for example an Apache proxy.

The URLs in DamageControl are split into read-only URLs (starting with /public) and read-write URLs (starting with /private). To secure your DamageControl installation you need to set up an Apache proxy with authenticated access to the /private namespace.

h3 How to set up an authenticating Apache proxy

h4 Restricting direct access to DamageControl

Run DamageControl with restricted access so that it only allows access from localhost (and optionally the server that runs your SCM, see below).

Your startup script should look something like:

server = DamageControlServer.new(
  :RootDir => buildRoot,
  :HttpPort => 4712,
  :HttpsPort => 4713,
  :AllowIPs => [ "127.0.0.1", "64.7.141.17" ]
  )

That is, :AllowIPs allows requests from 127.0.0.1 and from 64.7.141.17, the host where the SCM runs.

h4 Configure Apache to proxy requests to

Assuming you are running on the default port (4712) the following should be put in your Apache config file:

ProxyRequests off
ProxyPass /private http://localhost:4712/private
ProxyPassReverse /private http://localhost:4712/private
ProxyPass /public http://localhost:4712/public
ProxyPassReverse /public http://localhost:4712/public
<Directory private:*>
  AuthType Digest
  AuthName damagecontrol
  AuthDigestFile /home/services/dcontrol/passwd
  AuthGroupFile /home/services/dcontrol/groups
  Require group admin
</Directory>

The Authxxxx stuff and the actual URLs in ProxyPass can of course be tuned to your liking (DamageControl only uses relative URLs internally).

Note that this cannot be put into an .htaccess file (Proxyxxxx directives are only valid at the top level or under a VirtualHost directive).

Do not forget the ProxyPassReverse settings, as the DamageControl web admin interfaces won't function properly without them. You need both ProxyPassReverse and ProxyPass.
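
A small Ruby check for the fragment above, added here as an example (it is not part of DamageControl or of the original page): it reports when ProxyRequests is not off, when a ProxyPass lacks an identical ProxyPassReverse, when a backend is not on loopback, and when no AuthType/Require directives are present. The helper name audit_proxy_config and the BROKEN_CONFIG sample are hypothetical, and the loopback check assumes Apache runs on the same host as DamageControl, as in the setup described here.

```ruby
require "uri"
LOOPBACK = %w[localhost 127.0.0.1 ::1].freeze
# The page's Apache fragment, then a constructed broken variant for contrast.
PAGE_CONFIG = <<~CONF
  ProxyRequests off
  ProxyPass /private http://localhost:4712/private
  ProxyPassReverse /private http://localhost:4712/private
  ProxyPass /public http://localhost:4712/public
  ProxyPassReverse /public http://localhost:4712/public
  <Directory private:*>
    AuthType Digest
    AuthName damagecontrol
    AuthDigestFile /home/services/dcontrol/passwd
    AuthGroupFile /home/services/dcontrol/groups
    Require group admin
  </Directory>
CONF
BROKEN_CONFIG = <<~CONF
  ProxyRequests on
  ProxyPass /private http://192.0.2.10:4712/private
  ProxyPass /public http://localhost:4712/public
  ProxyPassReverse /public http://localhost:4712/public
CONF

# Hypothetical helper: returns findings ([] = all checks passed). Auth is checked for presence only, not scope.
def audit_proxy_config(text)
  pass, reverse, proxy_requests = {}, {}, nil
  auth = { "authtype" => false, "require" => false }
  text.each_line do |raw|
    name, *args = raw.strip.split
    next if name.nil? || name.start_with?("#")   # blank line or comment
    case (key = name.downcase)
    when "proxyrequests"       then proxy_requests = args[0].to_s.downcase
    when "proxypass"           then pass[args[0]] = args[1]
    when "proxypassreverse"    then reverse[args[0]] = args[1]
    when "authtype", "require" then auth[key] = true
    end
  end
  findings = []
  findings << "ProxyRequests is not 'off'" unless proxy_requests == "off"
  findings << "no ProxyPass for /private" unless pass.key?("/private")
  pass.each do |path, target|
    findings << "#{path}: ProxyPassReverse missing or different" unless reverse[path] == target
    host = URI.parse(target.to_s).hostname rescue nil
    findings << "#{path}: backend is not on loopback" unless LOOPBACK.include?(host)
  end
  findings << "no AuthType/Require directives found" unless auth.values.all?
  findings
end
```

Calling audit_proxy_config(File.read(path)) on your own configuration file returns the same kind of findings list.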

h4 Allowing access to your trigger

The trigger (the thing that requests a build from DamageControl when you commit files in your SCM) does not support any authentication at the moment so it needs to connect directly with DamageControl through XMLRPC.

If you run the SCM on the same server as DamageControl then just point the trigger to http://localhost:4712/private/xmlrpc and you are done.

If the SCM is running on a different server you need to allow access from that server directly to DamageControl and then point the trigger directly towards DamageControl, i.e. http://DAMAGECONTROL SERVER HOST:4712/private/xmlrpc. You do this by adding the IP address of your SCM server to the :AllowIPs setting. Every host listed in :AllowIPs reaches the /private URLs without going through the proxy's authentication, so keep that list as short as possible.

h4 Blocking access to DamageControl using a firewall

It could be a good idea to further enhance security by blocking direct access to DamageControl using some kind of firewall. DamageControl is written in Ruby and is therefore not as sensitive to, for example, buffer overflow attacks, but it could still be a good idea.
